Debian DSA-3629-1 : ntp - security update
High Nessus Plugin ID 92571
Synopsis
The remote Debian host is missing a security-related update.
Description
Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs :
- CVE-2015-7974 Matt Street discovered that insufficient key validation allows impersonation attacks between authenticated peers.
- CVE-2015-7977 CVE-2015-7978 Stephen Gray discovered that a NULL pointer dereference and a buffer overflow in the handling of 'ntpdc reslist' commands may result in denial of service.
- CVE-2015-7979 Aanchal Malhotra discovered that if NTP is configured for broadcast mode, an attacker can send malformed authentication packets which break associations with the server for other broadcast clients.
- CVE-2015-8138 Matthew van Gundy and Jonathan Gardner discovered that missing validation of origin timestamps in ntpd clients may result in denial of service.
- CVE-2015-8158 Jonathan Gardner discovered that missing input sanitising in ntpq may result in denial of service.
- CVE-2016-1547 Stephen Gray and Matthew van Gundy discovered that incorrect handling of crypto NAK packets may result in denial of service.
- CVE-2016-1548 Jonathan Gardner and Miroslav Lichvar discovered that ntpd clients could be forced to change from basic client/server mode to interleaved symmetric mode, preventing time synchronisation.
- CVE-2016-1550 Matthew van Gundy, Stephen Gray and Loganaden Velvindron discovered that timing leaks in the packet authentication code could result in recovery of a message digest.
- CVE-2016-2516 Yihan Lian discovered that duplicate IPs on 'unconfig' directives will trigger an assert.
- CVE-2016-2518 Yihan Lian discovered that an OOB memory access could potentially crash ntpd.
Solution
Upgrade the ntp packages.
For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u2.